The US Pentagon, the FBI, and the Department of Homeland Security on Friday exposed a North Korean hacking operation and provided technical details for seven pieces of malware used in the campaign.
The US Cyber National Mission Force, an arm of the Pentagon’s US Cyber Command, said on Twitter that the malware is “currently used for phishing & remote access by [North Korean government] cyber actors to conduct illegal activity, steal funds & evade sanctions.” The tweet linked to a post on VirusTotal, the Alphabet-owned malware repository, that provided cryptographic hashes, file names, and other technical details that can help defenders identify compromises inside the networks they protect.
Malware attributed to #NorthKorea by @FBI_NCIJTF just released here: https://t.co/cBqSL7DJzI. This malware is currently used for phishing & remote access by #DPRK cyber actors to conduct illegal activity, steal funds & evade sanctions. #HappyValentines @CISAgov @DHS @US_CYBERCOM
— USCYBERCOM Malware Alert (@CNMF_VirusAlert) February 14, 2020
An accompanying advisory from the DHS’s Cybersecurity and Infrastructure Security Agency said the campaign was the work of Hidden Cobra, the government’s name for a hacking group sponsored by the North Korean government. Many security researchers in the private sector use other names for the group, including Lazarus and Zinc. Six of the seven malware families were uploaded to VirusTotal on Friday. They included: